
What is claimed is: 

1. In a system having one or more security mechanisms, a method of defining and enforcing a security policy, the method comprising:
encapsulating security mechanism application specific information for each security mechanism, wherein encapsulating includes forming a key for each security mechanism;
combining keys to form key chains;
encapsulating key chains as keys and passing the key chain keys to another semantic layer;
defining the security policy, wherein defining includes forming key chains from keys and associating users with key chains;
translating the security policy and exporting the translated security policy to the security mechanisms; and
enforcing the security policy via the security mechanisms.

2. The method of claim 1 wherein the security mechanisms are located on one or more distributed computer networks.

3. The method of claim 1 wherein the security mechanisms are heterogeneous.

4. The method of claim 1, wherein defining the security policy further includes drilling down into a next lower semantic layer to form a new key chain.



5. The method of claim 1 wherein the security policy is defined using a graphical user interface.



6. A security system comprising:
a plurality of security mechanisms;
a plurality of semantic layers, including a first semantic layer, wherein the first semantic layer combines keys, wherein each key encapsulates security mechanism application specific information for a security mechanism;
a user interface for defining a security policy as a function of keys received from a lower semantic layer; and
a translator for translating the security policy to the security mechanisms.

Attorney Docket 105.174US1

7. The system according to claim 6 wherein the user interface is a graphical user interface.



8. The system according to claim 6 wherein the security policy is a role-based access control model.



9. The system of claim 6 wherein the semantic layers form a poset.

10. The system of claim 6 wherein the user interface includes means for drilling down into a lower semantic layer to form a new key chain.

11. A security system comprising:
a model comprising an application policy layer, one or more semantic layers for defining different security policies and constraints for each type of user;
a tool for manipulating the model; and
a translator for translating security policies from the model to security mechanisms in one or more computer resources.



12. The method of claim 11 wherein the model comprises a static application policy layer, one or more semantic policy layers, and a dynamic local policy layer.



13. The method of claim 11 wherein the model represents a set of access rights for a computer resource as a key and the model represents a set of keys as a key chain.
14. A method of defining a security policy, the method comprising:
defining an application policy layer and a plurality of semantic policy layers, including a first semantic policy layer and a second semantic layer;
encapsulating a set of access rights for a computer resource as a key;
combining keys to form one or more key chains within the application policy layer;
exporting key chains in the application policy layer as a key;
importing at least one key from the application policy layer into the first semantic policy layer;
combining one or more keys in the first semantic policy layer to form a key chain;
exporting key chains in the first semantic policy layer as keys;
importing at least one key into the second semantic policy layer;
combining one or more keys in the second semantic policy layer to form a key chain;
exporting key chains in the second semantic policy layer as keys;
importing at least one key from the second semantic policy layer to a local policy layer;
combining one or more keys in the local policy layer to form one or more local policy key chains; and
assigning users to local policy key chains in the local policy layer.



15. The method of claim 14 wherein combining one or more keys to form a key chain includes combining a key chain with the one or more keys to form another key chain.

16. The method of claim 14 wherein combining one or more keys in the first semantic layer includes combining a key chain with the one or more keys to form another key chain.

17. The method of claim 14 wherein combining one or more keys to form a key chain includes associating a constraint with the key chain, wherein the constraint must be satisfied before access to a computer resource governed by the key chain is granted.

18. The method of claim 14 wherein encapsulating includes grouping methods into handles and handles into keys.

19. The method of claim 18 wherein each key chain includes handles for different computer resources.

20. The method of claim 14 wherein combining one or more keys to form a key chain includes marking the key chain as abstract, wherein key chains marked as abstract are not exported to other layers.

21. The method of claim 14 further comprising combining one or more keys and key chains in the local policy layer to form a new key chain in the local policy layer.



22. A method of defining a security policy, the method comprising:
defining an application policy layer and a semantic policy layer;
encapsulating a set of access rights for a computer resource as a key;
combining keys to form one or more key chains within the application policy layer;
exporting key chains in the application policy layer as a key;
importing at least one key from the application policy layer into the semantic policy layer;
combining one or more keys in the semantic policy layer to form a key chain;
exporting key chains in the semantic policy layer as keys;
importing at least one key from the semantic policy layer to a local policy layer;
combining one or more keys in the local policy layer to form one or more local policy key chains; and
assigning users to local policy key chains in the local policy layer.



23. The method of claim 22 wherein combining one or more keys in the semantic policy layer to form a key chain includes combining a key chain with the one or more keys to form another key chain.

24. The method of claim 22 wherein combining one or more keys in the local policy layer to form a key chain includes combining a key chain with the one or more keys to form another key chain.

25. The method of claim 22 wherein combining one or more keys in the semantic policy layer to form a key chain includes associating a constraint with the key chain, wherein the constraint must be satisfied before access to a computer resource governed by the key chain is granted.

26. The method of claim 22 wherein combining one or more keys in the local policy layer to form a key chain includes associating a constraint with the key chain, wherein the constraint must be satisfied before access to a computer resource governed by the key chain is granted.

27. The method of claim 22 wherein encapsulating includes grouping methods into handles and handles into keys.

28. The method of claim 27 wherein each key chain includes handles for different computer resources.

29. The method of claim 22 wherein combining one or more keys to form a key chain includes marking the key chain as abstract, wherein key chains marked as abstract are not exported to other layers.

30. The method of claim 22 further comprising combining one or more keys and key chains in the local policy layer to form a new key chain in the local policy layer.



31. A method of modifying a security policy, the method comprising:
defining an application policy layer and a semantic policy layer;
encapsulating a set of access rights for a computer resource as a key;
combining keys to form one or more key chains within the application policy layer;
exporting key chains in the application policy layer as a key;
importing at least one key from the application policy layer into the semantic policy layer;
combining one or more keys in the semantic policy layer to form a key chain;
exporting key chains in the semantic policy layer as keys;
importing at least one key from the semantic policy layer to a local policy layer;
combining one or more keys in the local policy layer to form one or more local policy key chains;
assigning users to local policy key chains in the local policy layer;
constructing a role hierarchy by sorting the key chains into a partial ordering based on set containment;
displaying the partial ordering as a role hierarchy graph; and
adding and deleting keys from the role hierarchy graph.
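As an added illustration, not code from the patent itself, the following Python model walks through the layered key and key-chain policy of claims 14 to 31: handles grouped into keys, keys combined into chains (optionally with a constraint or marked abstract so they are not exported), non-abstract chains exported as single keys to the next layer, users assigned to chains in the local layer, and a role hierarchy built by partially ordering the local chains on set containment of their rights, with keys added to and deleted from chains afterwards. All class and method names, the payroll and HR-database sample resources, the roles and users, and the representation of a constraint as a callable over a context dictionary are assumptions of this example.

```python
"""Layered key / key-chain policy model (added example; all names are assumptions)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, Iterable, List, Optional, Tuple

Handle = Tuple[str, str]  # (resource, method): methods group into handles, handles into keys


@dataclass(frozen=True)
class Key:
    """A key encapsulates a set of access rights (handles) for computer resources."""
    name: str
    handles: FrozenSet[Handle]


@dataclass
class KeyChain:
    """A key chain groups keys; it may carry a constraint and may be marked abstract."""
    name: str
    keys: List[Key] = field(default_factory=list)
    constraint: Optional[Callable[[dict], bool]] = None  # must hold before access is granted
    abstract: bool = False                               # abstract chains are never exported

    def rights(self) -> FrozenSet[Handle]:
        return frozenset(h for k in self.keys for h in k.handles)


class Layer:
    """One policy layer: the keys available in it and the chains combined from them."""
    def __init__(self, name: str) -> None:
        self.name, self.keys, self.chains = name, {}, {}  # type: ignore[var-annotated]

    def import_keys(self, keys: Iterable[Key]) -> None:
        for k in keys:
            self.keys[k.name] = k

    def combine(self, name: str, key_names: Iterable[str], chain_names: Iterable[str] = (),
                constraint: Optional[Callable[[dict], bool]] = None, abstract: bool = False) -> KeyChain:
        """Combine keys, and optionally existing chains, into a new chain of this layer."""
        keys = [self.keys[n] for n in key_names]
        for cn in chain_names:                       # chain + keys -> another chain
            keys.extend(self.chains[cn].keys)
        self.chains[name] = KeyChain(name, keys, constraint, abstract)
        return self.chains[name]

    def export_keys(self) -> List[Key]:
        """Each non-abstract chain is exported as one key carrying the chain's rights."""
        return [Key(c.name, c.rights()) for c in self.chains.values() if not c.abstract]

    def add_key(self, chain_name: str, key_name: str) -> None:
        self.chains[chain_name].keys.append(self.keys[key_name])

    def delete_key(self, chain_name: str, key_name: str) -> None:
        c = self.chains[chain_name]
        c.keys = [k for k in c.keys if k.name != key_name]


class LocalLayer(Layer):
    """Local policy layer: the only layer in which users are assigned to key chains."""
    def __init__(self, name: str) -> None:
        super().__init__(name)
        self.users: Dict[str, List[str]] = {}

    def assign(self, user: str, chain_name: str) -> None:
        self.users.setdefault(user, []).append(chain_name)

    def check(self, user: str, resource: str, method: str, context: dict) -> bool:
        """Grant only if some assigned chain holds the handle and its constraint is satisfied."""
        for cn in self.users.get(user, []):
            c = self.chains[cn]
            if (resource, method) in c.rights() and (c.constraint is None or c.constraint(context)):
                return True
        return False


def role_hierarchy(chains: Iterable[KeyChain]) -> Dict[str, List[str]]:
    """Partial order of chains by strict set containment of rights, as parent -> children
    edges; only covering relations are kept, so the result is the Hasse diagram to display."""
    chains = list(chains)
    r = {c.name: c.rights() for c in chains}
    edges: Dict[str, List[str]] = {c.name: [] for c in chains}
    for p in chains:
        for c in chains:
            if r[c.name] < r[p.name] and not any(r[c.name] < r[m.name] < r[p.name] for m in chains):
                edges[p.name].append(c.name)
    return {k: sorted(v) for k, v in edges.items()}


def build_demo():
    """Constructed sample: payroll and HR-database resources flowing through three layers."""
    app = Layer("application")
    app.import_keys([Key("payroll_read", frozenset({("payroll", "read")})),
                     Key("payroll_write", frozenset({("payroll", "write")})),
                     Key("hr_read", frozenset({("hr_db", "read")})),
                     Key("hr_update", frozenset({("hr_db", "update")}))])
    app.combine("payroll_view", ["payroll_read"])
    app.combine("payroll_edit", ["payroll_write"], chain_names=["payroll_view"])
    app.combine("payroll_write_only", ["payroll_write"])
    app.combine("hr_lookup", ["hr_read"])
    app.combine("hr_internal", ["hr_update"], chain_names=["hr_lookup"], abstract=True)
    sem = Layer("semantic")
    sem.import_keys(app.export_keys())            # hr_internal is abstract, so it is absent
    sem.combine("clerk", ["payroll_view", "hr_lookup"])
    sem.combine("manager", ["payroll_edit", "hr_lookup"])
    sem.combine("auditor", ["hr_lookup"])
    sem.combine("payroll_writer", ["payroll_write_only"])
    local = LocalLayer("local")
    local.import_keys(sem.export_keys())
    local.combine("local_clerk", ["clerk"])
    local.combine("local_manager", ["manager"], constraint=lambda ctx: 9 <= ctx.get("hour", -1) < 17)
    local.combine("local_auditor", ["auditor"])
    local.assign("alice", "local_clerk")
    local.assign("bob", "local_manager")
    return app, sem, local


if __name__ == "__main__":
    _, _, local = build_demo()
    print(role_hierarchy(local.chains.values()))
```

Because an exported key carries only the flattened rights of its chain, a constraint attached to a chain in one layer does not travel with the key into the next layer; in this model a constraint such as the business-hours check on `local_manager` is evaluated in the layer where it is attached, at the moment `check` decides an access.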



32. An article comprising a computer readable medium having instructions thereon, wherein the instructions, when executed in a computer, create a system for executing the method of claim 1.

33. An article comprising a computer readable medium having instructions thereon, wherein the instructions, when executed in a computer, create a system for executing the method of claim 14.

34. An article comprising a computer readable medium having instructions thereon, wherein the instructions, when executed in a computer, create a system for executing the method of claim 22.

35. An article comprising a computer readable medium having instructions thereon, wherein the instructions, when executed in a computer, create a system for executing the method of claim 31.

36. In a system having a workflow management system and a central policy management system, a method of controlling workflow, comprising:
creating a workflow class definition;
exporting the workflow class definition to the central policy management system;
binding resources and roles to steps within the central policy management system;
creating a workflow instance in both the workflow management system and the central policy management system; and
executing the workflow instance.

37. An article comprising a computer readable medium having instructions thereon, wherein the instructions, when executed in a computer, create a system for executing the method of claim 36.



38. A workflow control system, comprising:
a workflow management system; and
a central policy management system;
wherein the workflow management system creates a workflow class definition and exports the workflow class definition to the central policy management system; and
wherein resources and roles are bound to steps within the central policy management system.